Award-winning news, views, and insight from the ESET security community

Millions at risk as guest information from hotel Wi-Fi provider “goes on sale” in China

A huge amount of private information harvested via hotel Wi-Fi networks is on sale in China - including phone numbers, dates of birth and addresses from hotel guests who logged in to networks in their rooms.

A huge amount of private information harvested via hotel Wi-Fi networks is on sale in China – including phone numbers, dates of birth and addresses from hotel guests who logged in to networks in their rooms.

A huge amount of private information harvested via hotel Wi-Fi networks is on sale in China – including phone numbers, dates of birth and addresses from hotel guests who logged in to networks in their rooms.

The leak potentially affects millions – anyone who logged in in any of 450,000 hotel rooms serviced by one company.

“People rushed to check hotel bookings by celebrities and their family members,” says Patrick Boehler, a journalist for the South China Morning Post, who worked on the story, speaking to WeLiveSecurity.

Despite the closure of two sites offering the data, private data on guests is still on sale today, according to Boehler.

“Today it emerged that that other hackers have obtained the data and are offering the info on other sites which as of this morning were still running,” Boehler said.

The amount of data on offer could be “substantial”, the South China Morning Post’s report said – CNWisdom services 450,000 rooms across 4,500 hotels. To register, guests enter their phone numbers, ID card, address, date of birth and workplace.

CNWisdom issued a statement saying that it was not responsible for the leak, as data from hotels it did not service was also on sale.

“The leak was first discovered by a consultancy company in Beijing,” says Boehler. “The company that manages the WiFi services for these hotel chains denied the report and then nothing happened until this website, chakaifang.info appeared last week.”

Personal data theft is common in China – but the authorities are attempting to clamp down on those who sell it, with new data protection rules coming into force on 1 September this year, according to The Register.

Hotel Wi-Fi is often a privacy risk – and has even been used to distribute malware. In a detailed guide to how to get online safely while traveling, ESET Researcher Stephen Cobb says, “Consider using a 3G or 4G hotspot instead of hotel Internet or free public Wi-Fi hotspots. If you are logging into a work network, use a VPN, and do not visit banking or shopping sites.”